IE7 flaw being investigated

Microsoft is investigating a possible vulnerability that could help phishing scams.

Microsoft is investigating a possible vulnerability in Internet Explorer 7 that could help phishing scams.

The investigation was prompted after a developer discovered the potential fault, the firm said. The vulnerability could allow an attacker to use an error message displayed by the latest Microsoft browser to send web surfers to malicious sites while the browser displays the address of a trusted site.

The vulnerability relates to the message Internet Explorer displays when web page loading is aborted. An attacker can rig the message by creating a malicious link. The message will offer a link to retry loading the page; reloading then brings up the attacker’s page while showing an arbitrary web address.

A representative at Microsoft said that the company was not aware of any attacks attempting to use the reported vulnerability. “We will continue to investigate and help provide additional guidance for customers as necessary,” the representative said in a statement.